If you’re looking for the 60-page cybersecurity policy review that President Barack Obama discussed this morning, you can find it here.
Considering that AlephOne’s article on “Smashing the Stack for Fun and Profit” was released in 1996, Iloveyou in 2000, CodeRed in 2001, the Slammer worm in 2003, the Witty worm event in 2004, the thousands of system intrusions and compromises since (reported and unreported), and the list goes on, the review seems around fifteen years late on delivery. But better late than never. It addresses badly needed subjects and planning in thoughtful and creative ways.
Some of the document is predictably clumsy. Chapter IV, “Creating Effective Information Sharing and Incident Response”, oddly starts out with a current example of Downadup/Conficker as impetus for action: “For example, despite advance warning and instructions on how networks could be protected, had the “Conficker [Downadup]”worm activated on April 1, 2009 with a malicious payload, some federal departments and agencies were not prepared to respond”. What malicious payload? Unprepared in what way? To infected machines within the federal and state governements? To a DDoS attack from the the majority of Downadup-infected systems across the ocean that actually were infected (and most just wound up with a FakeAv download)? Don’t leave me hanging, folks, what were they unprepared for?
Of note, some of the law enforcement agencies in attendance at the presentation have field offices with agents that don’t know what a URL is (which is much like reporting something to a police officer and hearing them respond “Sorry, I don’t know what a street address is, please tell someone else”). Based on that level of techno-savvy, the section on cyber-education is much needed, overdue, and significant: “Building Capacity for a Digital Nation”.
It’s a good read, especially the section addressing internationally co-ordinated efforts, “Partner Effectively With the International Community”.
Cheers to open dialog about cyber-security challenges!